Self-signed certificates settings

Use this page to create self-signed certificates.

To view this administrative console page, click Security > SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration. Under Related items, click Key stores and certificates > keystore. Under Additional Properties, click Personal certificates > Create (drop-down list) > Self-signed certificate.

This same help file is available when you create a new certificate or view an existing certificate. The fields in this help file are described according to how they appear and are used on the administrative console.

Alias

Specifies the alias for the personal certificate in the keystore.

You enter the alias name for the personal certificate in the keystore when you are creating a certificate. The alias name is read-only when you view an existing certificate.

Data type: Text

Version

Specifies the version of the personal certificate. Valid versions are X509 V3, X509 V2, and X509 V1. X509 V3 certificates are recommended.

This field is read-only when you create or view a certificate.

Data type: Text
Default: X509 V3
Range:  

Key size

Specifies the key size of the private key that is used by the personal certificate.

When you are creating a certificate you can select the key size from the drop-down list. This field is read-only when you view a certificate.

Data type: Integer
Default: 1024
Other valid key sizes: 512, 2048, 4096

Common name

Specifies the common name portion of the distinguished name (DN). It is recommended that this name be the host name of the machine on which the certificate resides. In some cases, the common name is used to log in during Secure Sockets Layer (SSL) certificate authentication; in those cases, this name might be used as a user ID for a local operating system registry.

When you create a new certificate you can enter the common name in this field. This field does not display when you view an existing certificate.

Data type: Text

Serial number

Identifies the certificate serial number that is generated by the issuer of the certificate. When creating a certificate this field does not appear.

This field is read-only when you view an existing certificate.

Validity period

Specifies the length in days during which the certificate is valid. The default is 365 days. You can enter any number of days you wish.

This field is read-only when you view an existing certificate. This field displays a validity period as a range of days between two dates. For example, Valid from March 16, 2008 to March 16, 2009.

Data type: Text

Organization

Specifies the organization portion of the distinguished name. This field is optional.

This field displays only when you create a new certificate.

Data type: Text

Organization unit

Specifies the organization unit portion of the distinguished name. This field is optional.

This field displays only when you create a new certificate.

Data type: Text

Locality

Specifies the locality portion of the distinguished name. This field is optional.

This field displays only when you create a new certificate.

Data type: Text

State/Province

Specifies the state portion of the distinguished name. This field is optional.

This field displays only when you create a new certificate.

Data type: Text

Zip code

Specifies the zip code portion of the distinguished name. This field is optional.

This field displays only when you create a new certificate.

Data type: Integer

Country or region

Select the country portion of the distinguished name from the drop-down list. This field is optional.

This field displays only when you create a new certificate.

Data type: Text
Default: (none)

Refer to http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/list-en1.html for a list of ISO 3166 country codes.

Validity period

Identifies the length of time, in days, during which the certificate is valid. The default is 365 days.

This field is read-only when you view an existing certificate and shows the start and end dates.

Issued to

Identifies the distinguished name of the entity to which the certificate was issued.

This field is read-only when you view an existing certificate.

Issued by

Identifies the distinguished name of the entity that issued the certificate. When the personal certificate is self-signed, this name is identical to the Issued to distinguished name.

This field is read-only when you view an existing certificate.

Fingerprint (SHA Digest)

Identifies the Secure Hash Algorithm (SHA) digest of the certificate, which can be used to verify the certificate at another location, such as the client side of a connection.

This field is read-only when you view an existing certificate.
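The client-side fingerprint check described above, as an added example that is not part of the product documentation. The function names and the sample bytes are constructed for illustration, and choosing SHA-1 or SHA-256 from the digest length is an assumption, because the page says only "SHA".

```python
import hashlib
import hmac
import ssl

# Constructed stand-in for DER certificate bytes (not a real certificate).
# A fingerprint is a digest over the raw DER encoding, so any bytes
# are enough to show the comparison logic.
SAMPLE_DER = b"constructed-sample-der-bytes-for-fingerprint-demo"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

# Digest length in bytes -> hashlib algorithm name (assumed mapping).
_ALGO_BY_LENGTH = {20: "sha1", 32: "sha256"}


def normalize_fingerprint(text):
    """Turn 'AB:CD:..', 'ab cd ..' or 'abcd..' into raw digest bytes."""
    cleaned = text.replace(":", "").replace(" ", "").strip()
    return bytes.fromhex(cleaned)  # raises ValueError on non-hex input


def fingerprint(pem, algorithm="sha1"):
    """Colon-separated upper-case hex digest of the certificate's DER bytes."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.new(algorithm, der).digest()
    return ":".join(f"{b:02X}" for b in digest)


def matches_expected(pem, expected_fingerprint):
    """True only if the certificate hashes to the fingerprint recorded earlier."""
    try:
        expected = normalize_fingerprint(expected_fingerprint)
    except ValueError:
        return False
    algorithm = _ALGO_BY_LENGTH.get(len(expected))
    if algorithm is None:
        return False  # truncated or unknown digest length: refuse to match
    actual = hashlib.new(algorithm, ssl.PEM_cert_to_DER_cert(pem)).digest()
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    recorded = fingerprint(SAMPLE_PEM)  # value copied from the server side
    print(recorded, matches_expected(SAMPLE_PEM, recorded))
```

Because a self-signed certificate has no issuing CA to vouch for it, the value passed as `expected_fingerprint` has to reach the client over a channel other than the connection being checked.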

Signature algorithm

Identifies the algorithm used to sign the certificate.

This field is read-only when you view an existing certificate.




Related tasks
Creating a Secure Sockets Layer configuration
Related reference
Keystores and certificates collection
Personal certificates collection

Last updated: Feb 6, 2014 8:11:25 PM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-nd-mp&topic=usec_sslnewperscerts
File name: usec_sslnewperscerts.html